Overview

overview

8

Static

static

6

6913dd93c5...18.apk

android-9-x86

8

6913dd93c5...18.apk

android-13-x64

8

Analysis

  • max time kernel
    176s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240514-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
  • submitted
    23-05-2024 00:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6913dd93c51906fa437b45a279d97a6a_JaffaCakes118.apk

  • Size

    17.9MB

  • MD5

    6913dd93c51906fa437b45a279d97a6a

  • SHA1

    9b8ea701727d28e7bebdb005ef3b6fea0f96ad87

  • SHA256

    4a25ad7a92add771ce4d69e797b3ec28be3d251f5accaff68023e06f809f1d75

  • SHA512

    8b568eb47757c37a88890ae1733f7b6d13ceb0636694f101b84982a5667535154df44c1452c9a6199b410d36119a0d9114777c6e4be78bf47774ad84cb164fd2

  • SSDEEP

    393216:n04p8Owz60so0X0C+ScCR/cK6w9d0e8GOY32sUnojGptaEl:DK6f/Zxb6w30e8GOJ7nojGpYM

Score
8/10
collectiondiscoveryevasionimpact

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.yifang.erp
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    111B

    MD5

    73fbbe9b572a921ba578cf545417c12c

    SHA1

    661d71f621cd0af508de7c5bef82b455171ea822

    SHA256

    88138155873c6e6f80d96177b4b1237b6945140b27f664b3895fc1aba5a66ac0

    SHA512

    0b8d555a40adeeed20ba195c21fa2033dbdbd67b5caaebcc274c71008923814dc91956c0ff55d5500a31ee777483ae12594e9c819adc61f45c2d0c515eb8fa90

    Download Submit
  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    213B

    MD5

    b77d9e844d1dd753a8b3093d7a2b8079

    SHA1

    4cf51726b7bbbe6a0a591a7594054e4e316e170f

    SHA256

    2a71ab4c52acb2ba7c47f9418f469d2f4db2eb4c4e806d60d65b8949fb90bbf8

    SHA512

    1c93f88fad8c55271b90974e5d6e131fb3377a50f97724cc72ecce5d32f1a291c0ff3ed29a9d89c5a1d78c1e85cc18d97687af175523016661a69cf9e9c6e671

    Download Submit
  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

    Download Submit
  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    111B

    MD5

    3f435b6187a7cc3e3b041f5b57a324ee

    SHA1

    eb649d362fc8e01db86948793013d77e3d8cec62

    SHA256

    4eb612b3a21dab45d22b8d673ab792fb2aa04967ec9bf5b4e61b4390d639fd89

    SHA512

    3c4845ee25069a56373f0240f292d0341bbeb1fc2d80e13a7f22beb8c48ed6e776980d56c94eb674b7d5f71ce0afcd03a8107a850369d3763ecf56ae4fb69d1e

    Download Submit
  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    167B

    MD5

    5f4d601855e811c0a7147bb7d34b410a

    SHA1

    98f26b879eddc902c674b76519dd1210cc3b26f4

    SHA256

    9e858c1126e106416c89801f2928671cc2ae728f00701b0bc9caeb59cf058520

    SHA512

    4427c161e0ce7a2c68af474cef2f7395189e7bd9197af90da15f4332ffa783e10bd7cc69b1b02503d460b35c546f13f1875130094a6af8d812fb26502d26148a

    Download Submit
  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B

    MD5

    46e4a9543300607ed05513e2d1c7d77b

    SHA1

    0550b17359951e843f489824cbfb430b3546bcee

    SHA256

    96782b7bd82e7263b99d492578ea2ae6c4bfd736fac4132690e82c76ba071ebb

    SHA512

    3b081ce503251f0552e904361246494a0e1865c5134fed971477ec1968bb411ffe5bc0dfbbb4b0d35d89db5de208683bc9acf8881d03b0295a816a68e71d436f

    Download Submit